Replica fails to attach to the RSA Authentication Manager 8.1 primary instance
RSA Authentication Manager 8.1 (virtual appliance), AM 8.1, AM 8.x attach replica, replica attach,
Attaching a replica to the RSA Authentication Manager 8.1 primary instance Exception in thread "Main Thread" com.rsa.ims.security.keymanager.sys.SystemFingerprintException: The user name specified does not have a password assigned to it at com.rsa.ims.security.lockbox.crypto.d.d(d.java:162) at com.rsa.ims.security.lockbox.crypto.d.b(d.java:43) at com.rsa.ims.security.lockbox.b.recoverSystemKey(b.java:431) at com.rsa.ims.security.keymanager.sys.FieldsManager$recoverSystemKey.call(Unknown Source) reported by appliance_setuplogs/install_logs/config/config.sh_Appliance_configureReplica_yyyymmddhhmmss.log Replica Attachement Status; Configuring replica instance and Starting Services has a Task Status Failed.
The user name specificed in the error message refers to the Operations Console account and it failed to expand and decrypt a zip file provided by the primary instance.
The following steps will reset an Operations Console administrative account, recover the finger print at the command line using the same Operations Console administrative account and generate a new replica package for the replica to use in the attach process.
After generating a replica package enter the replica URL (e.g. https://am81r.local.net) and enter the access code, provided on the local console. Click the link to setup a replica and configure the replica.
Resetting the Operations Console administrative account
Logon to the primary Security Console with an administrative account > Administration > Manage OC Administrators - click Change Password on the Operation Console User ID to change and confirm the change of password.
Recover the Fingerprint
Using an SSH session (or the local console) logon to the RSA Authentication Manager 8.1 primary with the 'rsaadmin' account.
Use this command to recover the finger print :/opt/rsa/am/utils/rsautil manage-secrets -a recover ?u <OC_admin> - p <OC_password>
** substitute the <OC_admin> with the Operations Console administrative account User ID where the password was reset and substitute the <OC_password> with the password **
rsaadmin@am81p:~> /opt/rsa/am/utils/rsautil manage-secrets -a recover -u ocadmin -p RSApass!
Machine fingerprint restored successfully.
Note: putting single ticks ' ' around the password on the command line will escape any Special character interpretation, e.g. -p 'RSApass!'
While this example password would not be a problem, it is recommended to use the single ticks to be on the safe side, or leave the -p option off the command line and enter the password at the prompt
Generate a Replica Package
Logon to the primary Operations Console with the Operations Console administrative account > Deployment Configuration >Instances > Generate Replica Package - Download replica_package.zip
This new replica_package.zip must be used during the attach process of the replica instance.